StrongHold < 3.0 build 3015 File System Disclosure

Medium

Synopsis

The remote web server (RedHat StrongHold Web server) discloses sensitive system files, including httpd.conf, to anyone who requests the URLs /stronghold-info and /stronghold-status.

Description

The remote web server (RedHat StrongHold Web server) discloses sensitive system files, including httpd.conf, to anyone who requests the URLs /stronghold-info and /stronghold-status. An attacker may use this flaw to gain more detailed knowledge of the remote host and mount more focused attacks.

Solution

Upgrade to version 3.0 build 3015 or higher.